{"vulnerability": "CVE-2020-3549", "sightings": [{"uuid": "5c0d9488-1d28-49f3-9526-5f7e3fb1e82f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35499", "type": "seen", "source": "https://t.me/cibsecurity/23882", "content": "\u203c CVE-2020-35499 \u203c\n\nA NULL pointer dereference flaw in kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-19T22:51:33.000000Z"}, {"uuid": "ee8ac908-96ba-4a81-9291-d7870be2e53a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35492", "type": "seen", "source": "https://t.me/cibsecurity/25135", "content": "\u203c CVE-2020-35492 \u203c\n\nA flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. 
The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-18T21:32:21.000000Z"}, {"uuid": "202e0a2a-347a-47b8-9c6b-ee214405f76d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35498", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13145", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-35498\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.\n\ud83d\udccf Published: 2021-02-11T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-23T19:46:26.834Z\n\ud83d\udd17 References:\n1. https://bugzilla.redhat.com/show_bug.cgi?id=1908845\n2. https://www.openwall.com/lists/oss-security/2021/02/10/4\n3. https://www.debian.org/security/2021/dsa-4852\n4. https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html\n5. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/\n6. https://security.gentoo.org/glsa/202311-16", "creation_timestamp": "2025-04-23T20:04:58.000000Z"}, {"uuid": "18fff2ef-5e85-444d-9801-ed2c9dd9376f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35493", "type": "seen", "source": "https://t.me/cibsecurity/21548", "content": "\u203c CVE-2020-35493 \u203c\n\nA flaw exists in binutils in bfd/pef.c. 
An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-04T19:10:48.000000Z"}, {"uuid": "cd2777ae-bd49-402d-a6b5-a0bb79ee2c1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35496", "type": "seen", "source": "https://t.me/cibsecurity/21541", "content": "\u203c CVE-2020-35496 \u203c\n\nThere's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-04T19:10:42.000000Z"}, {"uuid": "21ddfb59-b312-4e7f-b70b-46570db961bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35494", "type": "seen", "source": "https://t.me/cibsecurity/21546", "content": "\u203c CVE-2020-35494 \u203c\n\nThere's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. 
This flaw affects binutils versions prior to 2.34.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-04T19:10:46.000000Z"}, {"uuid": "b739e49c-2a45-435d-af9e-c1af40863eac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35495", "type": "seen", "source": "https://t.me/cibsecurity/21545", "content": "\u203c CVE-2020-35495 \u203c\n\nThere's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-04T19:10:45.000000Z"}, {"uuid": "0ad02237-8176-4b14-a326-d04e331b2c98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35490", "type": "seen", "source": "https://t.me/cibsecurity/21014", "content": "\u203c CVE-2020-35490 \u203c\n\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-17T22:42:59.000000Z"}, {"uuid": "3aac8196-98b7-493a-88cc-b0fd7b975d50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35491", "type": "seen", "source": "https://t.me/cibsecurity/21010", "content": "\u203c CVE-2020-35491 \u203c\n\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to 
org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-17T22:42:56.000000Z"}]}